Installation guide

Chapter 18. Lightweight Directory Access Protocol (LDAP)
18.7.2.2. On the Clients, Edit /etc/ldap.conf and /etc/openldap/ldap.conf
On all client machines, both /etc/ldap.conf and /etc/openldap/ldap.conf need to contain
the proper server and search base information for your organization.
The simplest way to do this is to run the authconfig application and select Use LDAP on the User
Information Configuration screen.
You can also edit these files by hand.
18.7.2.3. On the Clients, Edit /etc/nsswitch.conf
On all client machines, the /etc/nsswitch.conf file must be edited to use LDAP.
The simplest way to do this is to run the authconfig application and select Use LDAP on the User
Information Configuration screen.
If editing /etc/nsswitch.conf by hand, add ldap to the appropriate fields.
For example:
passwd: files ldap
shadow: files ldap
group: files ldap
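
The following check is an added example, not part of the original guide: a shell function (the name check_nss_ldap is hypothetical) that audits a hand-edited nsswitch.conf for the three entries shown above. It also confirms that files is listed before ldap, since sources are consulted left to right and this order lets a local account take precedence over a directory entry of the same name. The sample file is constructed.

```shell
#!/bin/sh
# check_nss_ldap FILE: audit the passwd, shadow and group lines of an
# nsswitch.conf-style file. Each must list "ldap", with "files" before it.
# Prints one line per problem; returns 0 when all three pass, 1 otherwise.
check_nss_ldap() {
    conf=$1
    rc=0
    for db in passwd shadow group; do
        # Strip comments and trailing blanks, then keep the source list
        # of the first "db:" line.
        sources=$(sed -n -e 's/#.*//' -e 's/[[:space:]]*$//' \
            -e "s/^[[:space:]]*${db}:[[:space:]]*//p" "$conf" | head -n 1)
        files_pos=0 ldap_pos=0 i=0
        for src in $sources; do
            i=$((i + 1))
            if [ "$src" = files ] && [ "$files_pos" -eq 0 ]; then files_pos=$i; fi
            if [ "$src" = ldap ] && [ "$ldap_pos" -eq 0 ]; then ldap_pos=$i; fi
        done
        if [ -z "$sources" ]; then
            echo "$db: no entry found"; rc=1
        elif [ "$ldap_pos" -eq 0 ]; then
            echo "$db: ldap is not listed ($sources)"; rc=1
        elif [ "$files_pos" -eq 0 ] || [ "$files_pos" -gt "$ldap_pos" ]; then
            echo "$db: files should come before ldap ($sources)"; rc=1
        fi
    done
    return $rc
}

# Constructed sample input, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
passwd: files ldap
shadow: files          # ldap missing
group:  ldap files
hosts:  files dns
EOF
check_nss_ldap "$sample" || echo "nsswitch.conf needs attention"
rm -f "$sample"
```

On a client, run it as check_nss_ldap /etc/nsswitch.conf after editing the file by hand.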
18.7.2.4. PAM and LDAP
To have standard PAM-enabled applications use LDAP for authentication, run authconfig and select
Use LDAP Authentication on the Authentication Configuration screen. For more on configuring
PAM, consult Chapter 7 and the PAM man pages.
18.7.3. Migrating Old Authentication Information to LDAP Format
The /usr/share/openldap/migration/ directory contains a set of shell and Perl scripts for
migrating authentication information into LDAP format.
Note
You must have Perl installed on your system to use these scripts.
First, you will need to modify the migrate_common.ph file so that it reflects your domain. The
default DNS domain should be changed from its default value to something like:
$DEFAULT_MAIL_DOMAIN = "your_company";
The default base should also be changed, to something like:
$DEFAULT_BASE = "dc=your_company,dc=com";
The job of migrating a user database into a format LDAP can read falls to a group of migration scripts
installed with the nss_ldap package. Using Table 18-1, decide which script to run in order to migrate
your user database.